WGU C706 Objective Assessment Exam Prep (Latest 2023/ 2024 Update) Secure Software Design| Questions and Verified Answers| 100% Correct| Grade A
Q: Which command is used to determine open files?
a. Openfile
b. Net file
c. PSFiles
d. Open files
Answer:
b. Net file
Q: What prefetch does value 1 from the registry entry EnablePrefetcher tell the system to use?
a. Both application and boot prefetching are enabled
b. Boot prefetching is enabled
c. Application prefetching is enabled
d. Prefetching is enabled
Answer:
c. Application prefetching is enabled
EnablePrefetcher reg key values:
0: Prefetching is disabled
1: Application prefetching is enabled
2: Boot prefetching is enabled
3: Both application and boot prefetching are enabled
Q: What prefetch does value 3 from the registry entry EnablePrefetcher tell the system to use?
a. Boot prefetching is enabled
b. Application prefetching is enabled
c. Both application and boot prefetching are enabled
d. Prefetching is enabled
Answer:
c. Both application and boot prefetching are enabled
EnablePrefetcher reg key values:
0: Prefetching is disabled
1: Application prefetching is enabled
2: Boot prefetching is enabled
3: Both application and boot prefetching are enabled
Q: What tool enables you to retrieve information about event logs and publishers in Windows 10?
a. MSconfig
b. Wevtutil
c. Regedit
d. EventViewer
Answer:
b. Wevtutil
Windows 10 stores event logs in the EVTX file format, which is based on XML (Extensible Markup Language).
The wevtutil command can be used to retrieve information about event logs and publishers that is not readily apparent via the Event Viewer user interface.
This tool enables you to retrieve information about event logs and publishers. You can also use
this command to install and uninstall event manifests; to run queries; and to export, archive, and
clear logs. Command to display a list of available event logs on the system:
wevtutil el
Q: ____ command is used to display the network configuration of the NICs on the system.
a. ipconfig \all
b. ipconfig /all
Answer:
b. ipconfig /all
Q: In Windows, where is the default location of the spool folder located?
a. C:\Windows\System32\spool
b. C:\Windows
c. C:\Windows\System32\spool\PRINTERS
d. C:\Windows\Spool\PRINTERS
Answer:
c. C:\Windows\System32\spool\PRINTERS
By default in Windows, the .SPL and .SHD files are stored in the spool folder, C:\Windows\System32\spool\PRINTERS.
Print spool files are temporary files that a software program stores on the system before completing the print task or before starting to print at a scheduled time. Windows stores the file in the print spooler directory before printing, while the local print provider (Localspl.dll) writes the contents to a spool file (.spl) and creates a separate graphics file (.emf) for each page.
Localspl.dll also maintains detailed data on a print job, such as the username and filename, in a shadow file (.shd).
Q: Which Windows Registry hives are considered nonvolatile with respect to data persistence?
a. HKEY_USERS, HKEY_CLASSES_ROOT
b. HKEY_CURRENT_USERS, HKEY_LOCAL_MACHINE
c. HKEY_LOCAL_MACHINE, HKEY_USERS
d. HKEY_LOCAL_MACHINE, HKEY_CURRENT_CONFIG
Answer:
The main registry hives are: HKEY_CLASSES_ROOT, HKEY_CURRENT_USER, HKEY_CURRENT_CONFIG, HKEY_LOCAL_MACHINE, HKEY_USERS
With respect to data persistence, Windows Registry hives are divided into two types:
Nonvolatile: HKEY_LOCAL_MACHINE, HKEY_USERS
Volatile: HKEY_CLASSES_ROOT, HKEY_CURRENT_USER, HKEY_CURRENT_CONFIG
Q: In Windows Event Log File Internals, the following file is used to store the
Databases related to the system:
a. Security.evtx
b. System.evtx
c. Database.evtx
d. Application.evtx
Answer:
b. System.evtx
The Windows event log files are, essentially, databases with the records related to the system,
security, and applications.
The databases related to the system are stored in a file named System.evtx
The databases related to security are stored in a file named Security.evtx
The databases related to applications are stored in a file named Application.evtx
Windows event logs are stored in: C:\Windows\System32\winevt\Logs folder
Q: By default, Windows XP and later create hidden administrative shares on a system?
a. True
b. False
Answer:
b. False
By default, Windows Vista, 7, 8.1 and 10 create hidden administrative shares on a system.
Q: What would not be found on a most recently used list?
a. Bookmarks
b. Opened documents
c. Recently visited web pages
Answer:
a. Bookmarks
Q: What does analyzing Shellbags not provide forensic investigators with information about?
a. Folders deleted by users
b. Folders opened by users from a mounted external hard drive
c. Folders not opened from an external hard drive after the drive is mounted
d. Timestamps and MAC times of the accessed folder
Answer:
c. Folders not opened from an external hard drive after the drive is mounted
ShellBags hold information on deleted directories, deleted files, previously mounted drives, and user/intruder actions, which can be highly valuable in a forensic investigation.